| Default Domain Policy | |
|---|---|
| Data collected on: 23/04/2025 10:47:15 | |
| Domain | bfl.local |
| Owner | BFL\srv.AGPM.Prod |
| Created | 18/08/2001 10:55:56 |
| Modified | 11/05/2023 09:42:16 |
| User Revisions | 16 (AD), 16 (SYSVOL) |
| Computer Revisions | 295 (AD), 295 (SYSVOL) |
| Unique ID | {31B2F340-016D-11D2-945F-00C04FB984F9} |
| GPO Status | Enabled |
| Location | Enforced | Link Status | Path |
|---|---|---|---|
| bfl | No | Enabled | bfl.local |
| RMS | Yes | Disabled | bfl.local/Accounts Computer/Desktops/UK/RMS |
| CVAD | No | Enabled | bfl.local/Accounts Computer/Hawthorne/CVAD |
| US Beazley VDI Desktop DEV - W11 | No | Enabled | bfl.local/Accounts Computer/Hawthorne/CVAD/Cloud VDA/Desktop OS/US Beazley VDI Desktop DEV - W11 |
| US Beazley VDI Desktop PRD - W11 | No | Enabled | bfl.local/Accounts Computer/Hawthorne/CVAD/Cloud VDA/Desktop OS/US Beazley VDI Desktop PRD - W11 |
| CVAD | No | Enabled | bfl.local/Accounts Computer/Ireland/CVAD |
| EU Beazley P-VDI Desktop DEV - W11 | No | Enabled | bfl.local/Accounts Computer/Ireland/CVAD/Cloud VDA/Desktop OS/EU Beazley P-VDI Desktop DEV - W11 |
| EU Beazley VDI Desktop DEV - W11 | No | Enabled | bfl.local/Accounts Computer/Ireland/CVAD/Cloud VDA/Desktop OS/EU Beazley VDI Desktop DEV - W11 |
| EU Beazley VDI Desktop ENG - W11 | No | Enabled | bfl.local/Accounts Computer/Ireland/CVAD/Cloud VDA/Desktop OS/EU Beazley VDI Desktop ENG - W11 |
| EU Beazley VDI Desktop PRD - W11 | No | Enabled | bfl.local/Accounts Computer/Ireland/CVAD/Cloud VDA/Desktop OS/EU Beazley VDI Desktop PRD - W11 |
| EU Beazley HSD Desktop ENG - W22 | No | Enabled | bfl.local/Accounts Computer/Ireland/CVAD/Cloud VDA/Server OS/EU Beazley HSD Desktop ENG - W22 |
| EU Beazley HSD Desktop PRD - W22 | No | Enabled | bfl.local/Accounts Computer/Ireland/CVAD/Cloud VDA/Server OS/EU Beazley HSD Desktop PRD - W22 |
| CVAD | No | Enabled | bfl.local/Accounts Computer/London/CVAD |
| EU Beazley P-VDI Desktop DEV - W11 | No | Enabled | bfl.local/Accounts Computer/London/CVAD/Cloud VDA/Desktop OS/EU Beazley P-VDI Desktop DEV - W11 |
| EU Beazley VDI Desktop DEV - W11 | No | Enabled | bfl.local/Accounts Computer/London/CVAD/Cloud VDA/Desktop OS/EU Beazley VDI Desktop DEV - W11 |
| EU Beazley VDI Desktop PRD - W11 | No | Enabled | bfl.local/Accounts Computer/London/CVAD/Cloud VDA/Desktop OS/EU Beazley VDI Desktop PRD - W11 |
| Sandbox | No | Enabled | bfl.local/Accounts Computer/London/Servers & Exceptions/Test/Sandbox |
| CVAD | No | Enabled | bfl.local/Accounts Computer/Marlborough/CVAD |
| US Beazley VDI Desktop DEV - W11 | No | Enabled | bfl.local/Accounts Computer/Marlborough/CVAD/Cloud VDA/Desktop OS/US Beazley VDI Desktop DEV - W11 |
| US Beazley VDI Desktop PRD - W11 | No | Enabled | bfl.local/Accounts Computer/Marlborough/CVAD/Cloud VDA/Desktop OS/US Beazley VDI Desktop PRD - W11 |
| Test | No | Enabled | bfl.local/Accounts User/Farmington/IT/Test |
| Name |
|---|
| NT AUTHORITY\Authenticated Users |
| Name | Allowed Permissions | Inherited |
|---|---|---|
| BFL\Domain Admins | Read | No |
| BFL\Enterprise Admins | Read | No |
| NT AUTHORITY\Authenticated Users | Read (from Security Filtering) | No |
| NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS | Read | No |
| Policy | Setting |
|---|---|
| Enforce password history | 24 passwords remembered |
| Maximum password age | 0 days |
| Minimum password age | 1 days |
| Minimum password length | 8 characters |
| Password must meet complexity requirements | Enabled |
| Store passwords using reversible encryption | Disabled |
| Policy | Setting |
|---|---|
| Account lockout duration | 30 minutes |
| Account lockout threshold | 3 invalid logon attempts |
| Reset account lockout counter after | 30 minutes |
| Policy | Setting |
|---|---|
| Enforce user logon restrictions | Enabled |
| Maximum lifetime for service ticket | 600 minutes |
| Maximum lifetime for user ticket | 10 hours |
| Maximum lifetime for user ticket renewal | 7 days |
| Maximum tolerance for computer clock synchronization | 5 minutes |
| Policy | Setting |
|---|---|
| Audit account logon events | Success, Failure |
| Audit account management | Success, Failure |
| Audit logon events | Success, Failure |
| Policy | Setting |
|---|---|
| Deny log on locally | BFL\sec.deny.interactive.logon |
| Deny log on through Terminal Services | BFL\sec.deny.interactive.logon |
| Policy | Setting |
|---|---|
| Interactive logon: Prompt user to change password before expiration | 14 days |
| Policy | Setting |
|---|---|
| Network security: Force logoff when logon hours expire | Disabled |
| Policy | Setting |
|---|---|
| Recovery console: Allow automatic administrative logon | Enabled |
| Recovery console: Allow floppy copy and access to all drives and all folders | Enabled |
| Policy | Setting |
|---|---|
| Network security: Restrict NTLM: Audit Incoming NTLM Traffic | Enable auditing for all accounts |
| Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers | Allow all |
| Policy | Setting |
|---|---|
| Maximum application log size | 65536 kilobytes |
| Maximum security log size | 65536 kilobytes |
| Maximum system log size | 65536 kilobytes |
| Retention method for application log | As needed |
| Retention method for security log | As needed |
| Retention method for system log | As needed |
| Issued To | Issued By | Expiration Date | Intended Purposes |
|---|---|---|---|
| admin_rs | admin_rs | 29/01/2111 13:48:26 | File Recovery |
| Automatic Certificate Request |
|---|
| Computer |
| Issued To | Issued By | Expiration Date | Intended Purposes |
|---|---|---|---|
| admin_rs | admin_rs | 29/01/2111 13:48:26 | File Recovery |
| Policy | Setting |
|---|---|
| Policy version | 2.10 |
| Disable stateful FTP | Not Configured |
| Disable stateful PPTP | Not Configured |
| IPsec exempt | Not Configured |
| IPsec through NAT | Not Configured |
| Preshared key encoding | Not Configured |
| SA idle time | Not Configured |
| Strong CRL check | Not Configured |
| Policy | Setting |
|---|---|
| Firewall state | Off |
| Inbound connections | Not Configured |
| Outbound connections | Not Configured |
| Apply local firewall rules | Not Configured |
| Apply local connection security rules | Not Configured |
| Display notifications | Not Configured |
| Allow unicast responses | Not Configured |
| Log dropped packets | Not Configured |
| Log successful connections | Not Configured |
| Log file path | Not Configured |
| Log file maximum size (KB) | Not Configured |
| Policy | Setting |
|---|---|
| Firewall state | Off |
| Inbound connections | Not Configured |
| Outbound connections | Not Configured |
| Apply local firewall rules | Not Configured |
| Apply local connection security rules | Not Configured |
| Display notifications | Not Configured |
| Allow unicast responses | Not Configured |
| Log dropped packets | Not Configured |
| Log successful connections | Not Configured |
| Log file path | Not Configured |
| Log file maximum size (KB) | Not Configured |
| Policy | Setting |
|---|---|
| Firewall state | Off |
| Inbound connections | Not Configured |
| Outbound connections | Not Configured |
| Apply local firewall rules | Not Configured |
| Apply local connection security rules | Not Configured |
| Display notifications | Not Configured |
| Allow unicast responses | Not Configured |
| Log dropped packets | Not Configured |
| Log successful connections | Not Configured |
| Log file path | Not Configured |
| Log file maximum size (KB) | Not Configured |
| Name | Description |
|---|---|
| Windows Remote Management (HTTP-In) | Inbound rule for Windows Remote Management via WS-Management. [TCP 5985] |
| Policy | Setting | Comment |
|---|---|---|
| DNS suffix search list | Enabled | |
| Policy | Setting | Comment |
|---|---|---|
| Windows Firewall: Protect all network connections | Disabled | |
| Policy | Setting | Comment |
|---|---|---|
| Set maximum Kerberos SSPI context token buffer size | Enabled | |